external
/
citus
mirror of https://github.com/citusdata/citus.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

6c66b74 - Raise the minimum supported OpenSSL version to 1.1.1 

Enhance OpenSSL initialization and certificate date adjustment for compatibility with OpenSSL versions

Refactor OpenSSL initialization and certificate date adjustment for improved clarity and consistency

Update SSL context creation to use TLS_method for improved security and maintain compatibility with OpenSSL 1.1.0+

Refactor SSL context creation to use TLS_method for OpenSSL 1.1.0+ compatibility

Fix preprocessor conditionals for OpenSSL version checks in SSL setup functions
m3hm3t/pg18_support
Mehmet Yilmaz 2025-05-14 12:18:34 +00:00
parent b8fb6dbf37
commit 41f2df8832
2 changed files with 26 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/backend/distributed/metadata/node_metadata.c
View File

@ -2970,11 +2970,11 @@ DeleteNodeRow(char *nodeName, int32 nodePort)
/* PG 18+ adds a bool “deferrable_ok” parameter */ /* PG 18+ adds a bool “deferrable_ok” parameter */
Relation replicaIndex = Relation replicaIndex =
index_open(RelationGetPrimaryKeyIndex(pgDistNode, false), index_open(RelationGetPrimaryKeyIndex(pgDistNode, false),
RowExclusiveLock); AccessShareLock);
#else #else
Relation replicaIndex = Relation replicaIndex =
index_open(RelationGetPrimaryKeyIndex(pgDistNode), index_open(RelationGetPrimaryKeyIndex(pgDistNode),
RowExclusiveLock); AccessShareLock);
#endif #endif

29
src/backend/distributed/utils/enable_ssl.c
View File

@ -239,18 +239,28 @@ CreateCertificatesWhenNeeded()
SSL_CTX *sslContext = NULL; SSL_CTX *sslContext = NULL;
/* /*
* Since postgres might not have initialized ssl at this point we need to initialize * Ensure the OpenSSL library is initialized so we can create our SSL context.
* it our self to be able to create a context. This code is less extensive then * On OpenSSL 1.1.0 we call OPENSSL_init_ssl() (which also loads the default
* postgres' initialization but that will happen when postgres reloads its * config), and on older versions we fall back to SSL_library_init().
* configuration with ssl enabled. * PostgreSQL itself will perform its full SSL setup when it reloads
* its configuration with ssl enabled.
*/ */
#ifdef HAVE_OPENSSL_INIT_SSL #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
/* OpenSSL 1.1.0+ */
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL); OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
#else #else
/* OpenSSL < 1.1.0 */
SSL_library_init(); SSL_library_init();
#endif #endif
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
sslContext = SSL_CTX_new(TLS_method());
#else
sslContext = SSL_CTX_new(SSLv23_method()); sslContext = SSL_CTX_new(SSLv23_method());
#endif
if (!sslContext) if (!sslContext)
{ {
ereport(WARNING, (errmsg("unable to create ssl context, please verify ssl " ereport(WARNING, (errmsg("unable to create ssl context, please verify ssl "
@ -379,8 +389,17 @@ CreateCertificate(EVP_PKEY *privateKey)
* would fail right after an upgrade. Instead of working until the certificate * would fail right after an upgrade. Instead of working until the certificate
* expiration date and then suddenly erroring out. * expiration date and then suddenly erroring out.
*/ */
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
/* New mutable accessors (present in 1.1, 3.x). */
X509_gmtime_adj(X509_getm_notBefore(certificate), 0);
X509_gmtime_adj(X509_getm_notAfter(certificate), 0);
#else
/* Legacy functions kept for 1.0.x compatibility. */
X509_gmtime_adj(X509_get_notBefore(certificate), 0); X509_gmtime_adj(X509_get_notBefore(certificate), 0);
X509_gmtime_adj(X509_get_notAfter(certificate), 0); X509_gmtime_adj(X509_get_notAfter(certificate), 0);
#endif
/* Set the public key for our certificate */ /* Set the public key for our certificate */
X509_set_pubkey(certificate, privateKey); X509_set_pubkey(certificate, privateKey);